Filter
Top Products
To view the configuration, use the show config in LINE mode or the show running-config
command in EXEC Privilege mode.
Defining a AAA Method List to be Used for RADIUS
To configure RADIUS to authenticate or authorize users on the system, create a AAA method list.
Default method lists do not need to be explicitly applied to the line, so they are not mandatory.
To create a method list, use the following commands.
• Enter a text string (up to 16 characters long) as the name of the method list you wish to use with the
RADIUS authentication method.
CONFIGURATION mode
aaa authentication login method-list-name radius
• Create a method list with RADIUS and TACACS+ as authorization methods.
CONFIGURATION mode
aaa authorization exec {method-list-name | default} radius tacacs+
Typical order of methods: RADIUS, TACACS+, Local, None.
If RADIUS denies authorization, the session ends (RADIUS must not be the last method specified).
Applying the Method List to Terminal Lines
To enable RADIUS AAA login authentication for a method list, apply it to a terminal line.
To configure a terminal line for RADIUS authentication and authorization, use the following commands.
• Enter LINE mode.
CONFIGURATION mode
line {aux 0 | console 0 | vty number [end-number]}
• Enable AAA login authentication for the specified RADIUS method list.
LINE mode
login authentication {method-list-name | default}
This procedure is mandatory if you are not using default lists.
• To use the method list.
CONFIGURATION mode
authorization exec methodlist
Specifying a RADIUS Server Host
When configuring a RADIUS server host, you can set different communication parameters, such as the
UDP port, the key password, the number of retries, and the timeout.
To specify a RADIUS server host and configure its communication parameters, use the following
command.
• Enter the host name or IP address of the RADIUS server host.
CONFIGURATION mode
802
Security